feature-architecture

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote script execution found in the environment setup section.
  • Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh in SKILL.md.
  • Analysis: This pattern is highly dangerous because it executes unverified code directly from a remote server. The source domain astral.sh is not included in the allowed Trusted External Sources list, so this is classified as a critical finding regardless of the tool's popularity.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs users to install unverified dependencies.
  • Evidence: pnpm install and npx sst dev --stage dev in SKILL.md.
  • Analysis: Pulling packages from public registries without specified version integrity checks or lockfile validation poses a risk of supply chain attacks.
  • [COMMAND_EXECUTION] (LOW): The skill relies on shell command execution for routine development tasks.
  • Evidence: Commands such as pnpm dev and npx sst dev are documented for the agent to use.
  • Analysis: While standard for a developer-centric skill, the use of shell commands increases the potential impact of other vulnerabilities.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://astral.sh/uv/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 07:46 AM